January 2019
Beginner
404 pages
8h 53m
English
Content preview from Becoming the Hacker
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Foothold
Interacting with the web application provided by the Docker VM, we notice it is running a WordPress instance:
Figure 13.4: WordPress application served by the VM
The next step in our attack will be running the wpscan tool and looking for any low-hanging fruit, and gathering as much information about the instance as possible.
Note
The wpscan tool is available on Kali and almost any other penetration-testing-focused distribution. The latest version can be pulled from https://github.com/wpscanteam/wpscan.
We can start our attack by issuing a wpscan command in the attack machine terminal. By default, passive detection will be enabled to look for ...